CVSS: 9.3EPSS: 96%CPEs: 13EXPL: 4CVE-2013-3906 – Microsoft Graphics Component Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2013-3906
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013. El componente GDI + de Microsoft Windows Vista SP2 y Server 2008 SP2, Office 2003 SP3, 2007 SP3 y 2010 SP1 y SP2, Office Compatibility Pack SP3 y Lync 2010, 2010 Attende, 2.013 y Basic 2013 permite a atacantes remotos ejecutar código arbitrario a través de una imagen TIFF manipulada, como se ha demuestrado por exploits relaizados en octubre y noviembre de 2013 al abrir una imagen en un documento Word. Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution. • https://www.exploit-db.com/exploits/30011 http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2 http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx http://technet.microsoft.com/security/advisory/2896666 http://www.exploit-db.com/exploits/30011 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-096 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 79%CPEs: 22EXPL: 1CVE-2013-1315
https://notcve.org/view.php?id=CVE-2013-1315
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft SharePoint Server 2007 SP3, 2010 SP1 y SP2, y 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office para Mac 2011; Excel Viewer; y Office Compatibility Pack SP3 permiten a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria), a través de un documento Office manipulado, tambien conocida como "Vulnerabilidad de Corrupción de Memoria en Microsoft Office". • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 94%CPEs: 8EXPL: 0CVE-2012-1886
https://notcve.org/view.php?id=CVE-2012-1886
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 SP1; Excel Viewer; y Office Compatibility Pack SP2 y SP3 permite a atacantes remotos a ejecutar código provocar una denegación de servicio (corrupción de memoria) a través de una hoja de cálculo manipulada, también conocido como "Excel Memory Corruption Vulnerability." • http://www.securityfocus.com/bid/56426 http://www.securitytracker.com/id?1027752 http://www.us-cert.gov/cas/techalerts/TA12-318A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/78073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15927 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 94%CPEs: 9EXPL: 0CVE-2012-0141
https://notcve.org/view.php?id=CVE-2012-0141
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2011 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no manejan correctamente memoria durante la apertura de ficheros, permitiendo a atacantes remotos ejecutar código arbitrario mediante una hoja de cálculo manipulada, también conocido como "Vulnerabilidad de corrupción de memoria en ficheros Excel" • http://secunia.com/advisories/49112 http://www.securityfocus.com/bid/53342 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15152 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 94%CPEs: 9EXPL: 0CVE-2012-0142
https://notcve.org/view.php?id=CVE-2012-0142
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability." Microsoft Excel 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2008 para Mac; Excel Viewer; y Office Compatibility Pack SP2 y SP3 no maneja correctamente la memoria durante la apertura de ficheros, permitiendo que atacantes remotos ejecuten codigo arbitrario mediante una hoja de calculo manipulada, también conocido como "Vulnerabilidad de corrupción de memoria en el registro OBJECTLINKE en un fichero de Excel" • http://secunia.com/advisories/49112 http://www.securityfocus.com/bid/53373 http://www.securitytracker.com/id?1027041 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15543 • CWE-399: Resource Management Errors •