CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-0850
https://notcve.org/view.php?id=CVE-2018-0850
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability". Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016 y Microsoft Office 2016 Click-to-Run permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se valida el formato de los mensajes entrantes. Esto también se conoce como "Microsoft Outlook Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/102866 http://www.securitytracker.com/id/1040382 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0850 •
CVSS: 9.3EPSS: 5%CPEs: 8EXPL: 0CVE-2018-0851
https://notcve.org/view.php?id=CVE-2018-0851
Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852. Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 y RT SP1, Microsoft Office 2016 y Microsoft Office 2016 Click-to-Run (C2R) permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que Office gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2018-0852. • http://www.securityfocus.com/bid/102870 http://www.securitytracker.com/id/1040381 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0851 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 27%CPEs: 6EXPL: 0CVE-2018-0791
https://notcve.org/view.php?id=CVE-2018-0791
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793. Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013 y Microsoft Outlook 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se analizan los mensajes de email. Esto también se conoce como "Microsoft Outlook Remote Code Execution Vulnerability". Este CVE es diferente de CVE-2018-0793. • http://www.securityfocus.com/bid/102383 http://www.securitytracker.com/id/1040154 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791 •
CVSS: 9.3EPSS: 89%CPEs: 12EXPL: 0CVE-2015-1641 – Microsoft Office Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2015-1641
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 y 2013 SP1, y Office Web Apps Server 2010 SP2 y 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento RTF manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Microsoft Office.' Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user. • http://www.securityfocus.com/bid/73995 http://www.securitytracker.com/id/1032104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-033 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 97%CPEs: 8EXPL: 4CVE-2010-0266 – Outlook ATTACH_BY_REF_ONLY File Execution
https://notcve.org/view.php?id=CVE-2010-0266
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability." Microsoft Office Outlook 2002 SP3, 2003 SP3, y 2007 SP1 y SP2 no verifica correctamente adjuntos en correo electrónico con un valor adecuado PR_ATTACH_METHOD de ATTACH_BY_REFERENCE, el cual permite a atacantes remotos ayudados por el usuario ejecutar código arbitrario mediante mensajes manipulados, también conocidos como "Vulnerabilidad Microsoft Outlook SMB en adjuntos". • https://www.exploit-db.com/exploits/16700 https://www.exploit-db.com/exploits/16699 http://www.us-cert.gov/cas/techalerts/TA10-194A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11623 http://www.akitasecurity.nl/advisory.php?id=AK20091001 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb https& • CWE-94: Improper Control of Generation of Code ('Code Injection') •