CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-36565 – Microsoft Office Graphics Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36565
10 Oct 2023 — Microsoft Office Graphics Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Microsoft Office Graphics • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36565 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 44EXPL: 0CVE-2021-40454 – Rich Text Edit Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-40454
13 Oct 2021 — Rich Text Edit Control Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información en Rich Text Edit Control • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40454 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 6%CPEs: 23EXPL: 0CVE-2021-28455 – Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-28455
11 May 2021 — Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Jet Red Database Engine y Access Connectivity Engine • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28455 •
CVSS: 7.5EPSS: 1%CPEs: 26EXPL: 0CVE-2020-16949 – Microsoft Outlook Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-16949
16 Oct 2020 —
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.
The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.
Se presenta una vul... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949 • CWE-401: Missing Release of Memory after Effective Lifetime •CVSS: 8.8EPSS: 2%CPEs: 28EXPL: 0CVE-2020-16933 – Microsoft Word Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-16933
16 Oct 2020 —
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
To exploit the vulnerability, a user must open a specially crafted file with an affected version of Mi... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16933 •
CVSS: 9.3EPSS: 18%CPEs: 5EXPL: 0CVE-2006-1318
https://notcve.org/view.php?id=CVE-2006-1318
19 Sep 2014 — Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability." Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2003 SP3, Office 2004 para Mac y Office X para Mac no analiza debidamente la longitud del registro, lo que permite a atacantes remotos ejecutar código arbitrario... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 47%CPEs: 2EXPL: 0CVE-2013-0082
https://notcve.org/view.php?id=CVE-2013-0082
13 Nov 2013 — Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability." Microsoft Office 2003 SP3 y 2007 SP3 permite a atacantes remotos ejecutar código arbitrario a través de documentos WordPerfect (.wpd) manipulados, también conocido como "Vulnerablidad de Corrupción de Memoria en el Formato de Archivo WPD". • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 55%CPEs: 7EXPL: 0CVE-2013-1324
https://notcve.org/view.php?id=CVE-2013-1324
13 Nov 2013 — Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability." Desbordamiento de búfer basado en pila en Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT permite a atacantes remotos ejecutar código arbitrario a través de documentos WordPerfect (.wpd), también conocida como "Vulnerabilidad de Sobreescrit... • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 55%CPEs: 2EXPL: 0CVE-2013-1325
https://notcve.org/view.php?id=CVE-2013-1325
13 Nov 2013 — Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Office 2003 SP3 y 2007 SP3 permite a atacantes remotos ejecutar código arbitrario a través de documentos WordPerfect (.wpd) manipulados, también conocida como "Vulnerabilidad de sobreescritura de memoria dinámica". • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 13EXPL: 5CVE-2013-3906 – Microsoft Graphics Component Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2013-3906
06 Nov 2013 — GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013. El componente GDI + de Microsoft Windows Vista SP2 y Server 2008 SP2, Office 2003 SP3, 2007 SP3 y 2010 SP1 y SP2, Office Compatibility Pack SP3 ... • https://packetstorm.news/files/id/124203 • CWE-94: Improper Control of Generation of Code ('Code Injection') •